2N/A/*
2N/A * CDDL HEADER START
2N/A *
2N/A * The contents of this file are subject to the terms of the
2N/A * Common Development and Distribution License (the "License").
2N/A * You may not use this file except in compliance with the License.
2N/A *
2N/A * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2N/A * or http://www.opensolaris.org/os/licensing.
2N/A * See the License for the specific language governing permissions
2N/A * and limitations under the License.
2N/A *
2N/A * When distributing Covered Code, include this CDDL HEADER in each
2N/A * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2N/A * If applicable, add the following below this CDDL HEADER, with the
2N/A * fields enclosed by brackets "[]" replaced with your own identifying
2N/A * information: Portions Copyright [yyyy] [name of copyright owner]
2N/A *
2N/A * CDDL HEADER END
2N/A */
2N/A/*
2N/A * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
2N/A */
2N/A
2N/A/*
2N/A * glue routine for gss_acquire_cred
2N/A */
2N/A#include <mglueP.h>
2N/A#include "gssapiP_generic.h"
2N/A#include <stdio.h>
2N/A#ifdef HAVE_STDLIB_H
2N/A#include <stdlib.h>
2N/A#endif
2N/A#include <string.h>
2N/A#include <errno.h>
2N/A#include <time.h>
2N/A
2N/A/* local functions */
2N/Astatic gss_OID_set create_actual_mechs(const gss_OID, int);
2N/A
2N/Astatic gss_OID_set
2N/Acreate_actual_mechs(mechs_array, count)
2N/A const gss_OID mechs_array;
2N/A int count;
2N/A{
2N/A gss_OID_set actual_mechs;
2N/A int i;
2N/A OM_uint32 minor;
2N/A
2N/A actual_mechs = (gss_OID_set) malloc(sizeof (gss_OID_set_desc));
2N/A if (!actual_mechs)
2N/A return (NULL);
2N/A
2N/A actual_mechs->elements = (gss_OID)
2N/A malloc(sizeof (gss_OID_desc) * count);
2N/A if (!actual_mechs->elements) {
2N/A free(actual_mechs);
2N/A return (NULL);
2N/A }
2N/A
2N/A actual_mechs->count = 0;
2N/A
2N/A for (i = 0; i < count; i++) {
2N/A actual_mechs->elements[i].elements = (void *)
2N/A malloc(mechs_array[i].length);
2N/A if (actual_mechs->elements[i].elements == NULL) {
2N/A (void) gss_release_oid_set(&minor, &actual_mechs);
2N/A return (NULL);
2N/A }
2N/A g_OID_copy(&actual_mechs->elements[i], &mechs_array[i]);
2N/A actual_mechs->count++;
2N/A }
2N/A
2N/A return (actual_mechs);
2N/A}
2N/A
2N/Astatic OM_uint32
2N/Aval_acq_cred_args(
2N/A OM_uint32 *minor_status,
2N/A /*LINTED*/
2N/A gss_name_t desired_name,
2N/A /*LINTED*/
2N/A OM_uint32 time_req,
2N/A /*LINTED*/
2N/A gss_OID_set desired_mechs,
2N/A int cred_usage,
2N/A gss_cred_id_t *output_cred_handle,
2N/A gss_OID_set *actual_mechs,
2N/A OM_uint32 *time_rec)
2N/A{
2N/A
2N/A /* Initialize outputs. */
2N/A
2N/A if (minor_status != NULL)
2N/A *minor_status = 0;
2N/A
2N/A if (output_cred_handle != NULL)
2N/A *output_cred_handle = GSS_C_NO_CREDENTIAL;
2N/A
2N/A if (actual_mechs != NULL)
2N/A *actual_mechs = GSS_C_NULL_OID_SET;
2N/A
2N/A if (time_rec != NULL)
2N/A *time_rec = 0;
2N/A
2N/A /* Validate arguments. */
2N/A
2N/A if (minor_status == NULL)
2N/A return (GSS_S_CALL_INACCESSIBLE_WRITE);
2N/A
2N/A if (output_cred_handle == NULL)
2N/A return (GSS_S_CALL_INACCESSIBLE_WRITE);
2N/A
2N/A if (cred_usage != GSS_C_ACCEPT &&
2N/A cred_usage != GSS_C_INITIATE &&
2N/A cred_usage != GSS_C_BOTH) {
2N/A if (minor_status) {
2N/A *minor_status = EINVAL;
2N/A map_errcode(minor_status);
2N/A }
2N/A return (GSS_S_FAILURE);
2N/A }
2N/A
2N/A return (GSS_S_COMPLETE);
2N/A}
2N/A
2N/AOM_uint32
2N/Agss_acquire_cred(minor_status,
2N/A desired_name,
2N/A time_req,
2N/A desired_mechs,
2N/A cred_usage,
2N/A output_cred_handle,
2N/A actual_mechs,
2N/A time_rec)
2N/A
2N/AOM_uint32 * minor_status;
2N/Aconst gss_name_t desired_name;
2N/AOM_uint32 time_req;
2N/Aconst gss_OID_set desired_mechs;
2N/Aint cred_usage;
2N/Agss_cred_id_t *output_cred_handle;
2N/Agss_OID_set * actual_mechs;
2N/AOM_uint32 * time_rec;
2N/A
2N/A{
2N/A OM_uint32 major = GSS_S_FAILURE;
2N/A OM_uint32 initTimeOut, acceptTimeOut, outTime = GSS_C_INDEFINITE;
2N/A gss_OID_set_desc default_OID_set;
2N/A gss_OID_set mechs;
2N/A gss_OID_desc default_OID;
2N/A gss_mechanism mech;
2N/A unsigned int i;
2N/A gss_union_cred_t creds;
2N/A
2N/A major = val_acq_cred_args(minor_status,
2N/A desired_name,
2N/A time_req,
2N/A desired_mechs,
2N/A cred_usage,
2N/A output_cred_handle,
2N/A actual_mechs,
2N/A time_rec);
2N/A if (major != GSS_S_COMPLETE)
2N/A return (major);
2N/A
2N/A /* Initial value needed below. */
2N/A major = GSS_S_FAILURE;
2N/A
2N/A /*
2N/A * if desired_mechs equals GSS_C_NULL_OID_SET, then pick an
2N/A * appropriate default. We use the first mechanism in the
2N/A * mechansim list as the default. This set is created with
2N/A * statics thus needs not be freed
2N/A */
2N/A if (desired_mechs == GSS_C_NULL_OID_SET) {
2N/A mech = __gss_get_mechanism(NULL);
2N/A if (mech == NULL)
2N/A return (GSS_S_BAD_MECH);
2N/A
2N/A mechs = &default_OID_set;
2N/A default_OID_set.count = 1;
2N/A default_OID_set.elements = &default_OID;
2N/A default_OID.length = mech->mech_type.length;
2N/A default_OID.elements = mech->mech_type.elements;
2N/A } else
2N/A mechs = desired_mechs;
2N/A
2N/A if (mechs->count == NULL)
2N/A return (GSS_S_BAD_MECH);
2N/A
2N/A /* allocate the output credential structure */
2N/A creds = (gss_union_cred_t)malloc(sizeof (gss_union_cred_desc));
2N/A if (creds == NULL)
2N/A return (GSS_S_FAILURE);
2N/A
2N/A /* initialize to 0s */
2N/A (void) memset(creds, 0, sizeof (gss_union_cred_desc));
2N/A creds->loopback = creds;
2N/A
2N/A /* for each requested mech attempt to obtain a credential */
2N/A for (i = 0; i < mechs->count; i++) {
2N/A major = gss_add_cred(minor_status, (gss_cred_id_t)creds,
2N/A desired_name,
2N/A &mechs->elements[i],
2N/A cred_usage, time_req, time_req, NULL,
2N/A NULL, &initTimeOut, &acceptTimeOut);
2N/A if (major == GSS_S_COMPLETE) {
2N/A /* update the credential's time */
2N/A if (cred_usage == GSS_C_ACCEPT) {
2N/A if (outTime > acceptTimeOut)
2N/A outTime = acceptTimeOut;
2N/A } else if (cred_usage == GSS_C_INITIATE) {
2N/A if (outTime > initTimeOut)
2N/A outTime = initTimeOut;
2N/A } else {
2N/A /*
2N/A * time_rec is the lesser of the
2N/A * init/accept times
2N/A */
2N/A if (initTimeOut > acceptTimeOut)
2N/A outTime = (outTime > acceptTimeOut) ?
2N/A acceptTimeOut : outTime;
2N/A else
2N/A outTime = (outTime > initTimeOut) ?
2N/A initTimeOut : outTime;
2N/A }
2N/A }
2N/A } /* for */
2N/A
2N/A /* ensure that we have at least one credential element */
2N/A if (creds->count < 1) {
2N/A free(creds);
2N/A return (major);
2N/A }
2N/A
2N/A /*
2N/A * fill in output parameters
2N/A * setup the actual mechs output parameter
2N/A */
2N/A if (actual_mechs != NULL) {
2N/A if ((*actual_mechs = create_actual_mechs(creds->mechs_array,
2N/A creds->count)) == NULL) {
2N/A (void) gss_release_cred(minor_status,
2N/A (gss_cred_id_t *)&creds);
2N/A *minor_status = 0;
2N/A return (GSS_S_FAILURE);
2N/A }
2N/A }
2N/A
2N/A if (time_rec)
2N/A *time_rec = outTime;
2N/A
2N/A
2N/A creds->loopback = creds;
2N/A *output_cred_handle = (gss_cred_id_t)creds;
2N/A return (GSS_S_COMPLETE);
2N/A}
2N/A
2N/Astatic OM_uint32
2N/Aval_add_cred_args(
2N/A OM_uint32 *minor_status,
2N/A gss_cred_id_t input_cred_handle,
2N/A /*LINTED*/
2N/A gss_name_t desired_name,
2N/A /*LINTED*/
2N/A gss_OID desired_mech,
2N/A gss_cred_usage_t cred_usage,
2N/A /*LINTED*/
2N/A OM_uint32 initiator_time_req,
2N/A /*LINTED*/
2N/A OM_uint32 acceptor_time_req,
2N/A gss_cred_id_t *output_cred_handle,
2N/A gss_OID_set *actual_mechs,
2N/A OM_uint32 *initiator_time_rec,
2N/A OM_uint32 *acceptor_time_rec)
2N/A{
2N/A
2N/A /* Initialize outputs. */
2N/A
2N/A if (minor_status != NULL)
2N/A *minor_status = 0;
2N/A
2N/A if (output_cred_handle != NULL)
2N/A *output_cred_handle = GSS_C_NO_CREDENTIAL;
2N/A
2N/A if (actual_mechs != NULL)
2N/A *actual_mechs = GSS_C_NO_OID_SET;
2N/A
2N/A if (acceptor_time_rec != NULL)
2N/A *acceptor_time_rec = 0;
2N/A
2N/A if (initiator_time_rec != NULL)
2N/A *initiator_time_rec = 0;
2N/A /* Validate arguments. */
2N/A
2N/A if (minor_status == NULL)
2N/A return (GSS_S_CALL_INACCESSIBLE_WRITE);
2N/A
2N/A if (input_cred_handle == GSS_C_NO_CREDENTIAL &&
2N/A output_cred_handle == NULL)
2N/A return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED);
2N/A
2N/A if (cred_usage != GSS_C_ACCEPT &&
2N/A cred_usage != GSS_C_INITIATE &&
2N/A cred_usage != GSS_C_BOTH) {
2N/A if (minor_status) {
2N/A *minor_status = EINVAL;
2N/A map_errcode(minor_status);
2N/A }
2N/A return (GSS_S_FAILURE);
2N/A }
2N/A
2N/A return (GSS_S_COMPLETE);
2N/A}
2N/A
2N/A/* V2 INTERFACE */
2N/AOM_uint32
2N/Agss_add_cred(minor_status, input_cred_handle,
2N/A desired_name, desired_mech, cred_usage,
2N/A initiator_time_req, acceptor_time_req,
2N/A output_cred_handle, actual_mechs,
2N/A initiator_time_rec, acceptor_time_rec)
2N/A OM_uint32 *minor_status;
2N/A const gss_cred_id_t input_cred_handle;
2N/A const gss_name_t desired_name;
2N/A const gss_OID desired_mech;
2N/A gss_cred_usage_t cred_usage;
2N/A OM_uint32 initiator_time_req;
2N/A OM_uint32 acceptor_time_req;
2N/A gss_cred_id_t *output_cred_handle;
2N/A gss_OID_set *actual_mechs;
2N/A OM_uint32 *initiator_time_rec;
2N/A OM_uint32 *acceptor_time_rec;
2N/A{
2N/A OM_uint32 status, time_req, time_rec, temp_minor_status;
2N/A gss_mechanism mech;
2N/A gss_union_name_t union_name = NULL;
2N/A gss_union_cred_t union_cred, new_union_cred;
2N/A gss_name_t internal_name = GSS_C_NO_NAME;
2N/A gss_name_t allocated_name = GSS_C_NO_NAME;
2N/A gss_cred_id_t cred = NULL;
2N/A gss_OID new_mechs_array = NULL;
2N/A gss_cred_id_t *new_cred_array = NULL;
2N/A
2N/A status = val_add_cred_args(minor_status,
2N/A input_cred_handle,
2N/A desired_name,
2N/A desired_mech,
2N/A cred_usage,
2N/A initiator_time_req,
2N/A acceptor_time_req,
2N/A output_cred_handle,
2N/A actual_mechs,
2N/A initiator_time_rec,
2N/A acceptor_time_rec);
2N/A if (status != GSS_S_COMPLETE)
2N/A return (status);
2N/A
2N/A mech = __gss_get_mechanism(desired_mech);
2N/A if (!mech)
2N/A return (GSS_S_BAD_MECH);
2N/A else if (!mech->gss_acquire_cred)
2N/A return (GSS_S_UNAVAILABLE);
2N/A
2N/A if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
2N/A union_cred = malloc(sizeof (gss_union_cred_desc));
2N/A if (union_cred == NULL)
2N/A return (GSS_S_FAILURE);
2N/A
2N/A (void) memset(union_cred, 0, sizeof (gss_union_cred_desc));
2N/A } else {
2N/A /* Input Cred is non-NULL */
2N/A union_cred = (gss_union_cred_t)input_cred_handle;
2N/A
2N/A if (__gss_get_mechanism_cred(union_cred, desired_mech) !=
2N/A GSS_C_NO_CREDENTIAL) {
2N/A status = GSS_S_DUPLICATE_ELEMENT;
2N/A goto errout;
2N/A }
2N/A
2N/A /*
2N/A * If no name was given, determine the name from the
2N/A * existing credential.
2N/A */
2N/A if (desired_name == GSS_C_NO_NAME) {
2N/A if (gss_import_name(minor_status,
2N/A &union_cred->auxinfo.name,
2N/A union_cred->auxinfo.name_type,
2N/A &allocated_name) == GSS_S_COMPLETE &&
2N/A (gss_canonicalize_name(minor_status,
2N/A allocated_name,
2N/A &mech->mech_type,
2N/A NULL) == GSS_S_COMPLETE)) {
2N/A internal_name = allocated_name;
2N/A }
2N/A } /* else, get the name from the desired_name below */
2N/A }
2N/A if (desired_name != GSS_C_NO_NAME) {
2N/A /* may need to create a mechanism specific name */
2N/A union_name = (gss_union_name_t)desired_name;
2N/A
2N/A if (union_name->mech_type &&
2N/A g_OID_equal(union_name->mech_type,
2N/A &mech->mech_type))
2N/A internal_name = union_name->mech_name;
2N/A else {
2N/A if (__gss_import_internal_name(minor_status,
2N/A &mech->mech_type, union_name,
2N/A &allocated_name) != GSS_S_COMPLETE) {
2N/A status = GSS_S_BAD_NAME;
2N/A goto errout;
2N/A }
2N/A internal_name = allocated_name;
2N/A }
2N/A }
2N/A
2N/A if (cred_usage == GSS_C_ACCEPT)
2N/A time_req = acceptor_time_req;
2N/A else if (cred_usage == GSS_C_INITIATE)
2N/A time_req = initiator_time_req;
2N/A else if (cred_usage == GSS_C_BOTH)
2N/A time_req = (acceptor_time_req > initiator_time_req) ?
2N/A acceptor_time_req : initiator_time_req;
2N/A else
2N/A time_req = 0;
2N/A
2N/A status = mech->gss_acquire_cred(minor_status,
2N/A internal_name, time_req,
2N/A GSS_C_NULL_OID_SET, cred_usage,
2N/A &cred, NULL, &time_rec);
2N/A
2N/A if (status != GSS_S_COMPLETE) {
2N/A map_error(minor_status, mech);
2N/A goto errout;
2N/A }
2N/A
2N/A /* may need to set credential auxinfo structure */
2N/A if (union_cred->auxinfo.creation_time == 0) {
2N/A union_cred->auxinfo.creation_time = time(NULL);
2N/A union_cred->auxinfo.time_rec = time_rec;
2N/A union_cred->auxinfo.cred_usage = cred_usage;
2N/A
2N/A /*
2N/A * If internal_name is GSS_C_NO_NAME a cred with no associated
2N/A * name was requested: don't set auxinfo.name or auxinfo.name_type.
2N/A */
2N/A if (internal_name != GSS_C_NO_NAME) {
2N/A if ((status = mech->gss_display_name(
2N/A &temp_minor_status, internal_name,
2N/A &union_cred->auxinfo.name,
2N/A &union_cred->auxinfo.name_type)) !=
2N/A GSS_S_COMPLETE)
2N/A goto errout;
2N/A }
2N/A }
2N/A
2N/A /* now add the new credential elements */
2N/A new_mechs_array = (gss_OID)
2N/A malloc(sizeof (gss_OID_desc) * (union_cred->count+1));
2N/A
2N/A new_cred_array = (gss_cred_id_t *)
2N/A malloc(sizeof (gss_cred_id_t) * (union_cred->count+1));
2N/A
2N/A if (!new_mechs_array || !new_cred_array) {
2N/A status = GSS_S_FAILURE;
2N/A goto errout;
2N/A }
2N/A
2N/A if (acceptor_time_rec)
2N/A if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH)
2N/A *acceptor_time_rec = time_rec;
2N/A if (initiator_time_rec)
2N/A if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH)
2N/A *initiator_time_rec = time_rec;
2N/A
2N/A /*
2N/A * OK, expand the mechanism array and the credential array
2N/A */
2N/A (void) memcpy(new_mechs_array, union_cred->mechs_array,
2N/A sizeof (gss_OID_desc) * union_cred->count);
2N/A (void) memcpy(new_cred_array, union_cred->cred_array,
2N/A sizeof (gss_cred_id_t) * union_cred->count);
2N/A
2N/A new_cred_array[union_cred->count] = cred;
2N/A if ((new_mechs_array[union_cred->count].elements =
2N/A malloc(mech->mech_type.length)) == NULL)
2N/A goto errout;
2N/A
2N/A g_OID_copy(&new_mechs_array[union_cred->count],
2N/A &mech->mech_type);
2N/A
2N/A if (actual_mechs) {
2N/A *actual_mechs = create_actual_mechs(new_mechs_array,
2N/A union_cred->count + 1);
2N/A if (*actual_mechs == NULL) {
2N/A free(new_mechs_array[union_cred->count].elements);
2N/A goto errout;
2N/A }
2N/A }
2N/A
2N/A if (output_cred_handle == NULL) {
2N/A free(union_cred->mechs_array);
2N/A free(union_cred->cred_array);
2N/A new_union_cred = union_cred;
2N/A } else {
2N/A new_union_cred = malloc(sizeof (gss_union_cred_desc));
2N/A if (new_union_cred == NULL) {
2N/A free(new_mechs_array[union_cred->count].elements);
2N/A goto errout;
2N/A }
2N/A *new_union_cred = *union_cred;
2N/A *output_cred_handle = (gss_cred_id_t)new_union_cred;
2N/A }
2N/A
2N/A new_union_cred->mechs_array = new_mechs_array;
2N/A new_union_cred->cred_array = new_cred_array;
2N/A new_union_cred->count++;
2N/A new_union_cred->loopback = new_union_cred;
2N/A
2N/A /* We're done with the internal name. Free it if we allocated it. */
2N/A
2N/A if (allocated_name)
2N/A (void) __gss_release_internal_name(&temp_minor_status,
2N/A &mech->mech_type,
2N/A &allocated_name);
2N/A
2N/A return (GSS_S_COMPLETE);
2N/A
2N/Aerrout:
2N/A if (new_mechs_array)
2N/A free(new_mechs_array);
2N/A if (new_cred_array)
2N/A free(new_cred_array);
2N/A
2N/A if (cred != NULL && mech->gss_release_cred)
2N/A mech->gss_release_cred(&temp_minor_status, &cred);
2N/A
2N/A if (allocated_name)
2N/A (void) __gss_release_internal_name(&temp_minor_status,
2N/A &mech->mech_type,
2N/A &allocated_name);
2N/A
2N/A if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) {
2N/A if (union_cred->auxinfo.name.value)
2N/A free(union_cred->auxinfo.name.value);
2N/A free(union_cred);
2N/A }
2N/A
2N/A return (status);
2N/A}